Tools

Recommended Tools

Here you will find links to Tools recommended by our readers/partners.

If you would like to contribute a Tool—send it in!

Open-Source And Non-Commercial

The following are essential security tools that will help you to secure your systems and networks. These open source security tools have been given the essential rating due to the fact that they are effective, well supported and easy to start getting value from.

1. Nmap – map your network and ports with the number one port scanning tool. Nmap now features powerful NSE scripts that can detect vulnerabilities, misconfiguration and security related information around network services. After you have nmap installed be sure to look at the features of the included ncat – its netcat on steroids.

2. OpenVAS – open source vulnerability scanning suite that grew from a fork of the Nessus engine when it went commercial. Manage all aspects of a security vulnerability management system from web based dashboards. For a fast and easy external scan with OpenVAS try our online OpenVAS scanner.

3. OSSEC – host based intrusion detection system or HIDS, easy to setup and configure. OSSEC has far reaching benefits for both security and operations staff.

5. Metasploit Framework – test all aspects of your security with an offensive focus. Primarily a penetration testing tool, Metasploit has modules that not only include exploits but also scanning and auditing.

6. OpenSSH – secure all your traffic between two points by tunnelling insecure protocols through an SSH tunnel. Includes scp providing easy access to copy files securely. Can be used as poor mans VPN for Open Wireless Access points (airports, coffee shops). Tunnel back through your home computer and the traffic is then secured in transit. Access internal network services through SSH tunnels using only one point of access. From Windows, you will probably want to have putty as a client and winscp for copying files. Under Linux just use the command line ssh and scp.

7. Wireshark – view traffic in as much detail as you want. Use Wireshark to follow network streams and find problems. Tcpdump and Tshark are command line alternatives. Wireshark runs on Windows, Linux, FreeBSD or OSX based systems.

8. Kali Linux was built from the foundation of BackTrack Linux. Kali is a security testing Linux distribution based on Debian. It comes prepackaged with hundreds of powerful security testing tools. From Airodump-ng with wireless injection drivers to Metasploit this bundle saves security testers a great deal of time configuring tools.

9. Nikto – a web server testing tool that has been kicking around for over 10 years. Nikto is great for firing at a web server to find known vulnerable scripts, configuration mistakes and related security problems. It won’t find your XSS and SQL web application bugs, but it does find many things that other tools miss. To get started try the Nikto Tutorial or the online hosted version.

Updated 2017 to include another 5 high quality open source security tools. These additional projects are all very much focused on the defenders side. With in depth traffic analysis, intrusion detection and incident response all covered. Interesting to see sponsors of these projects include Facebook, Cisco and Google.

11. Moloch is packet capture analysis ninja style. Powered by an elastic search backend this makes searching through pcaps fast. Has great support for protocol decoding and display of captured data. With a security focus this is an essential tool for anyone interested in traffic analysis.

12. Bro IDS totes itself as more than an Intrusion Detection System, and it is hard to argue with this statement. The IDS component is powerful, but rather than focusing on signatures as seen in traditional IDS systems. This tool decodes protocols and looks for anomalies within the traffic.

13. Snort is a real time traffic analysis and packet logging tool. It can be thought of as a traditional IDS, with detection performed by matching signatures. The project is now managed by Cisco who use the technology in its range of SourceFire appliances. An alternative project is the Suricata system that is a fork of the original Snort source.

14. OSQuery monitors a host for changes and is built to be performant from the ground up. This project is cross platform and was started by the Facebook Security Team. It is a powerful agent that can be run on all your systems (Windows, Linux or OSX) providing detailed visibility into anomalies and security related events.

15. GRR – Google Rapid Response a tool developed by Google for security incident response. This python agent / server combination allows incident response to be performed against a target system remotely.

Commercial And Hybrid etc

#1 Gnu PG: Guarding Your Privacy

The GNU Privacy Guard/GPG is a tool which is used for file and email encryption. A strong encryption measure will provide immense security at the data level. This is a viable open source alternative to PGP or Pretty Good Privacy. It complies with OpenPGP standards. This is command line tool part of major Linux offerings such as Ubuntu, openSUSE, CentOS and Fedora. So, throw your hat in the ring today and use this amazing tool to protect data by using GPG to generate public and private keys in the backup server and import the port key to all data servers from where the backup has to be taken and encrypt it.

#2 Truecrypt: A Real Solution

Many open source utilities are there for disk level encryption. Truecrypt is perfect for disk level encryption. This open source security tool is used for on the fly disk encryption. This handy tool is the correct choice because Truecrypt encrypts automatically before data is saved on the disk and decrypts it completely after it is loaded from the disk sans user intervention.

Application security is as critical as other levels of security because just as web presence and development is increasing, web vulnerabilities are also rising. Application security is important. OWASP is an open source web app security project which provides best practices and code review steps among other guidelines which developers, architects and designers can use to develop secure software.

#4 ClamAV: The Perfect Antivirus Tool

Host level security offers protection for single devices such as servers PCs and laptops. ClamAV is the perfect antivirus system to scan data emanating from different sources. This is an open source antivirus designed for catching malware, viruses and deadly Trojans which attempt to steal information.

#5 OSSEC: Integrating Security Needs

Open Source SECurity is a open source tool that provides SIM and SEM solution as well as log monitoring. This is an open source HIDS or Home Based Intrusion Detection System. OSSEC helps customers to meet standards and integrate Security Incident Management and Security Event Management.

#6 Snort: IDS/IPS Tool with a Difference

Snort is an open source network IDS/IPS (Intrusion Detection and Prevention System) which performs detection and analysis of network traffic moving across in a more detailed way than an average firewall. IDS and IPS tools are known for analyzing traffic and comparing the packet to database of previous or known attack profiles. IDS tools alert IT staff regarding attacks, but IPS systems go a step further-they block harmful traffic. A blend of the two is an essential part of a comprehensive security architecture.

#7 OpenVAS: Providing Comprehensive Vulnerability Scanning

OpenVAS is a framework of services and tools offering intensive vulnerability scanning as well as management systems. It is the open source version of Nessus. Vulnerability management can be added to patch and configuration management plus antivirus software for blocking/destroying malware.

#8 BackTrack: On the Right Path

This well known Linux based security distribution is employed for penetration testing. This offers a one stop solution for security needs and comprises more than 300 OSS tools categorized into different areas.

#9 OSSIM: All in One Security Solution

Open Source Security Information Management provides for a Security Information and Event Management solution which has integrated open source software’s Snort, OpenVAS, Mrtg, NTOP, and Nmap. This is a cost effective solution for monitoring health and security of network/hosts.

#10 IPCop: Protecting the Perimeter

Perimeter…it is the final frontier where the network ends and internet security commences. Perimeter comprises one/more firewalls for protecting the network. IPCop is a Linux based firewall distribution configured and made to protect the network. It can run on individual machines or behind the ISP network. Other functionalities offered by IPCop include DNS server, Proxy server and DHCP server.

A VIRTUAL COMMUNITY OF CYBERSECURITY PRACTICE

Founding, building, and nurturing a Cybersecurity Science for everyone. We are a one-stop-shop for learning from—and contributing to—the latest findings and new scientific thinking emerging from the computer security community.

We extend a warm welcome to you, and an open invitation to get involved; no matter what your expertise level; and do contribute ideas, thoughts and experiences for the benefit of all.

SCIENCE OF CYBERSECURITY FRAMEWORK

In order to establish a logically coherent statement of basic theory, and to enable orderly progression of the same; we hereby define the Science Of Cybersecurity Framework (SCF).

Whereby, the SCF comprises all of the fundamental Cybersecurity axioms, principles, concepts, events and processes etc. The upshot is a complete characterisation of the entire subject matter of Information Security.

The purpose of the SCF is not to list, in an exhaustive fashion, every possible instance of a Cybersecurity failure/vulnerability and/or protective measure; but rather to define all of the logical elements that could possibly comprise the same. In other words, the SCF seeks to identify all of the universals of Cybersecurity, in the belief that any particulars will naturally follow.

WE NEED YOU!

Obviously development of a new science—is not the job of one person alone; but rather science can only arise, evolve and progress through consensus; and by the power of multiple brains.

Consequently, we invite members of the Cybersecurity community to get involved and contribute to this effort.

The Science of Cybersecurity – by Alan Radley (2017). Free digital edition is here, and the printed edition is on Amazon here.

Sample Reviews

Excellent read! Succinct and accurate on a subject that normally wanders into tangential discussions confusing and diffusing the goal… Radley breaks down today’s hottest topic in a way that provides reference to students as well as guidance to the more learned… I found it spot on and a fine addition to the body of work on cyber-security but specifically to the discussion of privacy within communications… I see this as a reference document for students studying cyber security as well as an excellent read for CTOs, CSOs, CISOs, and CEOs laboring over how to analyze their needs for increased security… allows you to hit the highlights or dive deeper into the subject with your many charts, diagrams, and glossary of terms.

Will no doubt be recognized as one of the seminal works on security, establishing definitions and clarity where others have dealt with assumptions… it is not very often that one is exposed to a work that is truly ground breaking in a field, but this is one of those works. Rather than expounding on the implementation of security as many do, Dr. Alan Radley astutely asks (and then suggests an answer for) the rather naive, yet deceptively complex question “What is security?”, or more precisely “How does one characterize a communication system for secure data transfer?” As Dr. Radley examines this question, the reader becomes aware that the answer is much more elusive than one first assumes.

As Dr. Radley builds a working compendium of definitions needed to examine the issue, the reader becomes more and more aware that the current vernacular is insufficient for discussing secure communication at a philosophical level, and if we cannot agree on what it means to be secure or private in thought, how can we accomplish it in act? It is here, laying the foundation of formal definition of socially secure communication, that Dr. Radley’s work is groundbreaking and will no doubt be referenced by many works to come.

As cyber education evolves to meet the pace of change in our digital world so does the need for good reference books.. a timely and spot on publication that I shall be recommending to my students; well done Dr Radley.

Professor Richard Benham – National Cyber Skills Centre, UK.

An excellent read and would definitely recommend this to our AISA members as a way to get a different perspective on security.

In a world full of privacy breaches, Radley timely develops a framework that delves into complexity of technical and human-centric factors that affect our perception of privacy and cybersecurity. I recommend this book to everyone who is interested in making our cyber world more secure.

Vitali Kremez (6/2/2016) – CyberCrime Investigative Analyst.

The book provides the reader with an accurate and objective view of the life-cycle of the exposures and vulnerabilities which are associated with the technological shadow cast over all individuals, and organisations. This is a unique piece of work… an excellent read, and deserves a place on every security professional’s bookshelf who is seeking a balanced and objective view of the current, and futuristic Cyber Security Landscape.

Professor John Walker – Nottingham Trent University.

Alan Radley makes sense of the complexities which ordinarily restrict this topic to IT people only… required reading for anyone focused on secure and private communication… What’s more, Alan’s no-nonsense approach and fearless honesty, is refreshing. I recommend this to those interested in making certain that their communication is more private, secure and resilient.

Bill Montgomery – CEO – Connect In Private.

A brilliant book! Did it make me wiser? Yes…

Pantazis Kourtis – Member of the Board of Directors at London Chapter at ISACA.

I commend this book to a wide readership. Well done Sir, more please.

Tony Collings OBE -Chairman – The ECA Group.

A very concise body of work, that belies its length for the practical application of useful data in a highly complex area… should be required reading for anyone providing third party services whereby their security claims cannot be held up without transparency. Ignore this work at your peril.

Christian Rogan – Vice President, Royal Holloway Enterprise Centre.

I highly recommend this book for individuals interested in understanding the challenges facing the security and information assurance specialist. Dr. Radley’s direct approach provides an excellent read and can enable valuable insights into an extremely complex topic such as security.

What Kind Of A Science Is Cybersecurity?

Cybersecurity is impossible to develop as a logical subject of study—without first establishing an observational science that identifies what we are dealing with in the first place.

Ergo, we become able to know what kinds of phenomena to look for, measure, model and control. Thus we define a set of Absolute Security metrics—and accordingly fully prescribe the various classes/types of Cybersecurity vulnerabilities—plus evolve truly effective countermeasures… >>

Avoid Hacking And data-Breaches With KeyMail

‘Cloud’ copies are highly vulnerable to hacking; largely because they will be around for a very long time—possibly forever—and as a result may be subject to innumerable future hacking attacks.

For Absolute Security in interpersonal communications, the KeyMail file-transfer protocol eliminates ‘cloud’ copies altogether; whereby client data transfers directly between devices. We call this Single-Copy-Send—and the upshot is that there are no vulnerable ‘third-party’ copies to attack, and hence no hacking risks… >>